diff --git a/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js b/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js
index a52e289092a4..913922271bb3 100644
--- a/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js
@@ -29,4 +29,6 @@ var overlapsWithClass2 = /[\w,.-?:*+]/; // NOT OK
 
 var tst2 = /^([ァ-ヾ]|[ァ-ン゙゚])+$/; // OK
 var tst3 = /[0-90-9]/; // OK
-var question = /[0-?]/; // OK. matches one of: 0123456789:;<=>?
\ No newline at end of file
+var question = /[0-?]/; // OK. matches one of: 0123456789:;<=>?
+
+var atToZ = /[@-Z]/; // OK. matches one of: @ABCDEFGHIJKLMNOPQRSTUVWXYZ
\ No newline at end of file
diff --git a/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll b/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll
index 82a3585ab14a..57d7d365611b 100644
--- a/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll
+++ b/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll
@@ -132,6 +132,9 @@ module Make {
       or
       // the range 0123456789:;<=>? is intentional
       result.isRange("0", "?")
+      or
+      // [@-Z] is intentional, it's the same as [A-Z@]
+      result.isRange("@", "Z")
     }
 
   /** Gets a char between (and including) `low` and `high`. */
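Review bot: The new `atToZ` line only checks that `[@-Z]` is accepted; nothing in the test guards that the exception stays exact, so a neighbouring range the same reasoning does not cover, such as `[@-z]` or `[?-Z]`, would stop being reported without any test noticing if the allowlist were later loosened. I would add a companion negative case next to it, e.g. `var atToLower = /[@-z]/; // NOT OK`, which the query presumably still reports. That would also need the matching entry in the test's expected-output file, which is not part of this diff.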
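Review bot: The added comment states the equivalence but not the fact that makes the suppression sound: `@` (0x40) is the code point immediately before `A`, so `[@-Z]` extends `[A-Z]` by exactly one character with nothing in between, and a reader checking a future entry needs that rule, not just the example. I would write it as `// '@' (0x40) immediately precedes 'A', so [@-Z] is exactly [A-Z@]; treat as intentional`. The same argument applies to any standard range extended by one adjacent code point on either side (e.g. `[/-9]` is `[0-9/]`), so if more entries of this kind arrive it may be cleaner to replace the growing literal list with a predicate for that shape rather than adding one `isRange` disjunct per case. The enclosing predicate starts before this hunk.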